$ rpki-client -vvf rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa File: BFFF6C4A07D911EDA41A0B25C4F9AE02.roa (raw, json) Hash identifier: hGESD+bTFhyy/XzxOz7JzM12GktK/1TWm0cZpyKC/pU= Subject key identifier: CD:20:57:B6:C6:1C:72:A4:68:8A:57:06:E8:D1:01:F4:E3:21:14:8B Certificate issuer: /CN=A9145D25/serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D Certificate serial: 0624 Authority key identifier: C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer Subject info access: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa Signing time: Mon 02 Mar 2026 13:08:09 +0000 ROA not before: Thu 25 Sep 2025 02:58:31 +0000 ROA not after: Tue 01 Dec 2026 00:00:00 +0000 asID: 135074 IP address blocks: 103.135.208.0/22 maxlen: 22 103.135.208.0/24 maxlen: 24 103.135.209.0/24 maxlen: 24 103.135.210.0/24 maxlen: 24 103.135.211.0/24 maxlen: 24 103.172.110.0/23 maxlen: 24 103.204.13.0/24 maxlen: 24 203.168.128.0/22 maxlen: 22 203.168.128.0/24 maxlen: 24 203.168.129.0/24 maxlen: 24 203.168.130.0/24 maxlen: 24 203.168.131.0/24 maxlen: 24 203.168.192.0/24 maxlen: 24 203.168.193.0/24 maxlen: 24 203.168.194.0/24 maxlen: 24 203.168.195.0/24 maxlen: 24 203.168.196.0/24 maxlen: 24 203.168.197.0/24 maxlen: 24 203.168.198.0/24 maxlen: 24 203.168.199.0/24 maxlen: 24 203.168.200.0/24 maxlen: 24 203.168.201.0/24 maxlen: 24 203.168.202.0/24 maxlen: 24 203.168.203.0/24 maxlen: 24 203.168.204.0/24 maxlen: 24 203.168.205.0/24 maxlen: 24 203.168.206.0/24 maxlen: 24 203.168.207.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Tue 31 Mar 2026 22:52:52 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 1572 (0x624) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A9145D25, serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D Validity Not Before: Sep 25 02:58:31 2025 GMT Not After : Dec 1 00:00:00 2026 GMT Subject: CN=69a58bb9-ce39 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:af:ba:5f:14:ff:c4:90:75:1e:57:88:be:83:68: 52:0f:bd:0a:b7:f5:10:cf:d2:d0:29:7b:20:e0:2d: 14:61:ae:eb:08:37:78:4f:b9:80:3a:22:03:65:8a: 3e:58:60:9b:bf:1d:80:fe:38:d6:8a:e9:8a:cf:57: b5:f6:fc:e2:23:54:1b:3d:9a:dc:aa:47:e6:f2:4f: 03:2b:b7:42:d8:e3:07:a7:8a:d6:90:84:fb:08:ce: 06:38:de:e8:42:75:b5:27:b9:9e:16:2d:0d:bc:56: 3e:8f:a5:2e:de:75:fc:ae:cc:a7:c2:34:25:30:dd: 62:ea:a0:2c:64:36:ae:0d:0f:19:a0:90:ef:bd:50: 6c:91:93:44:7f:91:45:42:ef:33:3c:0b:d6:f2:95: f0:67:46:b6:25:06:78:62:1d:87:1f:5d:b0:b4:c9: 94:ee:da:33:59:92:1e:41:46:78:55:ee:69:9b:62: 46:7b:5a:de:d6:2e:36:ba:b7:c8:62:84:32:c9:e9: c6:c6:ee:ac:3f:f0:0f:fc:01:c4:f3:85:0a:41:6b: 57:10:b4:47:cd:6e:47:27:f3:ac:53:01:97:b4:1d: f5:8e:43:cc:e6:4f:4b:fb:86:8d:03:3e:57:d6:b8: 34:66:b6:67:38:0c:f3:8b:da:f8:b4:c8:79:27:d9: cc:7d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: CD:20:57:B6:C6:1C:72:A4:68:8A:57:06:E8:D1:01:F4:E3:21:14:8B X509v3 Authority Key Identifier: keyid:C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer X509v3 Certificate Policies: critical Policy: ipAddr-asNumber CPS: https://www.apnic.net/RPKI/CPS.pdf Subject Information Access: Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa sbgp-ipAddrBlock: critical IPv4: 103.135.208.0/22 103.172.110.0/23 103.204.13.0/24 203.168.128.0/22 203.168.192.0/20 Signature Algorithm: sha256WithRSAEncryption 46:3a:12:33:c8:cd:bf:33:e0:2d:77:c5:92:fd:7f:17:e3:09: 6a:2b:f7:c7:b7:ff:9a:9e:71:ad:46:14:a0:b2:11:49:44:35: 59:47:4c:16:5a:35:72:53:c3:a4:a2:4a:d6:91:61:7d:be:00: ea:7f:6b:20:34:c5:14:d2:21:e5:04:2b:b9:05:7a:01:30:fd: 50:30:ad:8c:a4:09:a4:79:0a:72:a7:80:4a:2b:c3:42:ee:b9: 20:58:cc:bc:f7:c4:a0:18:d5:4a:5a:b2:81:0c:e0:24:15:86: a9:99:10:9b:4d:4e:d8:11:77:fc:59:1f:9d:7f:05:5f:f4:42: cc:1b:6a:ab:02:2d:a1:14:de:8c:91:09:b1:6f:d5:e4:da:42: db:8c:0e:23:9d:f5:b0:6e:21:c3:97:ed:70:5c:f7:01:ba:9b: 47:6c:be:cf:65:f6:8c:41:2a:e6:c5:a9:98:51:ec:0c:84:39: 09:3d:7b:12:38:1d:a4:67:30:2c:fa:99:90:1b:40:d7:0f:2f: ec:14:97:dc:d0:7f:56:08:e1:ef:75:29:88:65:76:77:e5:b1: de:61:fd:a1:fd:54:ac:cf:fc:fc:9d:3d:df:fb:98:1c:42:9d: c8:3d:7a:32:b7:7c:cf:89:89:04:31:36:72:f8:51:ab:b5:a3: 99:61:ca:12 -----BEGIN CERTIFICATE----- MIIFVDCCBDygAwIBAgICBiQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx NDVEMjUxMTAvBgNVBAUTKEMyRjI4RTlEMTg4NDM5QzRGRTY5RjYzQTRDQUE2REE0 MjQ5NjI5MUQwHhcNMjUwOTI1MDI1ODMxWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD VQQDEw02OWE1OGJiOS1jZTM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAr7pfFP/EkHUeV4i+g2hSD70Kt/UQz9LQKXsg4C0UYa7rCDd4T7mAOiIDZYo+ WGCbvx2A/jjWiumKz1e19vziI1QbPZrcqkfm8k8DK7dC2OMHp4rWkIT7CM4GON7o QnW1J7meFi0NvFY+j6Uu3nX8rsynwjQlMN1i6qAsZDauDQ8ZoJDvvVBskZNEf5FF Qu8zPAvW8pXwZ0a2JQZ4Yh2HH12wtMmU7tozWZIeQUZ4Ve5pm2JGe1re1i42urfI YoQyyenGxu6sP/AP/AHE84UKQWtXELRHzW5HJ/OsUwGXtB31jkPM5k9L+4aNAz5X 1rg0ZrZnOAzzi9r4tMh5J9nMfQIDAQABo4ICeDCCAnQwHQYDVR0OBBYEFM0gV7bG HHKkaIpXBujRAfTjIRSLMB8GA1UdIwQYMBaAFMLyjp0YhDnE/mn2OkyqbaQklikd MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NUQyNS82N0YyQjBEODBC RDIxMUVDQkFBNDgwNkFDNEY5QUUwMi93dktPblJpRU9jVC1hZlk2VEtwdHBDU1dL UjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy RkQxRkYyL3d2S09uUmlFT2NULWFmWTZUS3B0cENTV0tSMC5jZXIwSgYDVR0gAQH/ BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx NDVEMjUvNjdGMkIwRDgwQkQyMTFFQ0JBQTQ4MDZBQzRGOUFFMDIvQkZGRjZDNEEw N0Q5MTFFREE0MUEwQjI1QzRGOUFFMDIucm9hMDcGCCsGAQUFBwEHAQH/BCgwJjAk BAIAATAeAwQCZ4fQAwQBZ6xuAwQAZ8wNAwQCy6iAAwQEy6jAMA0GCSqGSIb3DQEB CwUAA4IBAQBGOhIzyM2/M+Atd8WS/X8X4wlqK/fHt/+annGtRhSgshFJRDVZR0wW WjVyU8OkokrWkWF9vgDqf2sgNMUU0iHlBCu5BXoBMP1QMK2MpAmkeQpyp4BKK8NC 7rkgWMy898SgGNVKWrKBDOAkFYapmRCbTU7YEXf8WR+dfwVf9ELMG2qrAi2hFN6M kQmxb9Xk2kLbjA4jnfWwbiHDl+1wXPcBuptHbL7PZfaMQSrmxamYUewMhDkJPXsS OB2kZzAs+pmQG0DXDy/sFJfc0H9WCOHvdSmIZXZ35bHeYf2h/VSsz/z8nT3f+5gc Qp3IPXoyt3zPiYkEMTZy+FGrtaOZYcoS -----END CERTIFICATE-----Generated at Thu Mar 26 14:41:22 2026 by rpki-client